
CVE-2023-40303

Published: 14/08/2023 Updated: 02/01/2024
CVSS v3 Base Score: 7.8 | Impact Score: 5.9 | Exploitability Score: 1.8
VMScore: 0

Vulnerability Summary

GNU inetutils prior to 2.5 may allow privilege escalation because of unchecked return values of set*id() family functions in ftpd, rcp, rlogin, rsh, rshd, and uucpd. This is, for example, relevant if the setuid system call fails when a process is trying to drop privileges before letting an ordinary user control the activities of the process.
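The failure mode in the summary, as an added example (not inetutils code and not its patch): an unchecked privilege drop next to a checked one. The `id_ops` indirection, the `simulate` helper, the stub functions and uid/gid 1000 are assumptions made so that a failing `setuid()` can be reproduced without root.

```c
#include <errno.h>
#include <stdio.h>
#include <sys/types.h>
#include <unistd.h>

/* Hypothetical indirection (not inetutils code) so a failing setuid()
 * can be simulated; real_ops shows the wiring for the real calls. */
struct id_ops { int (*set_gid)(gid_t); int (*set_uid)(uid_t); };
const struct id_ops real_ops = { setgid, setuid };

/* The pattern the summary describes: return values are ignored. */
int drop_unchecked(const struct id_ops *ops, uid_t uid, gid_t gid) {
    ops->set_gid(gid);
    ops->set_uid(uid);
    return 0;                      /* caller believes the drop worked */
}

/* Hardened form: group first, then user; any failure is reported. */
int drop_checked(const struct id_ops *ops, uid_t uid, gid_t gid) {
    if (ops->set_gid(gid) != 0) return -1;
    if (ops->set_uid(uid) != 0) return -1;
    return 0;
}

/* Constructed simulation: the process starts with uid 0. */
static uid_t sim_uid;
static int sim_setgid(gid_t g) { (void)g; return 0; }
static int sim_setuid_ok(uid_t u) { sim_uid = u; return 0; }
static int sim_setuid_fail(uid_t u) { (void)u; errno = EAGAIN; return -1; }

/* Returns the uid the user's session would run as, or -1 if the
 * service refuses to start the session because the drop failed. */
long simulate(int checked, int setuid_fails) {
    struct id_ops ops = { sim_setgid,
                          setuid_fails ? sim_setuid_fail : sim_setuid_ok };
    int rc;
    sim_uid = 0;
    rc = checked ? drop_checked(&ops, 1000, 1000)
                 : drop_unchecked(&ops, 1000, 1000);
    return rc == 0 ? (long)sim_uid : -1L;
}

int main(void) {
    printf("unchecked, setuid fails: session uid %ld\n", simulate(0, 1));
    printf("checked,   setuid fails: session uid %ld\n", simulate(1, 1));
    printf("checked,   setuid works: session uid %ld\n", simulate(1, 0));
    return 0;
}
```

With the unchecked variant the simulated session keeps uid 0 when `setuid()` fails; the checked variant reports the failure so the caller can stop before handing control to the user.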

Vulnerable Product

gnu inetutils

Vendor Advisories

Debian Bug report logs - #1049365: inetutils: CVE-2023-40303. Package: src:inetutils; Maintainer for src:inetutils is Guillem Jover <guillem@debian.org>; Reported by: Salvatore Bonaccorso <carnil@debian.org>; Date: Mon, 14 Aug 2023 18:45:02 UTC; Severity: important; Tags: security, upstream; Found in version inetutils/2:2 ...

Mailing Lists

oss-sec mailing list archives: Re: inetutils ftpd, rcp, rlogin, rsh, rshd, uucpd: Avoid potential privilege escalations by checking set*id() return values ...